Tech News, Reviews, Deals, and How-To's

This Android update is really nasty spyware — what you need to know

Android is getting more sophisticated and getting better at hiding its true intentions. The latest nasty spyware uncovered by security firm Zimperium masquerades as a system update app to make you unaware that it’s actually recording your calls, tracking your location and accessing your WhatsApp messages.

While Remote Access Trojans (RATs) are nothing new, malware pretending to be an Android update is certainly unusual. Once downloaded to an unsuspecting Android user’s phone, the app registers the device with Google’s Firebase Command & Control and then takes the resulting token to send system commands of its own through Cloud Messaging.

“The spyware creates a notification if the device’s screen is off when it receives a command using the Firebase messaging service,” explains Zimperium in a blog post. As you can see from the screenshot below, it appears as “Searching for update…” which isn’t a legitimate Android message.

(Image credit: Zimperium)

The malware actively waits for interesting activity and then springs into action. If you make a call, it will record the conversation, collect the updated call log and then send it to the C&C server as an encrypted .zip file. It’s also pretty good at covering its tracks, and will delete the evidence as soon as the server returns the “success” response. 

Leave A Reply

Your email address will not be published.